Mailinglist Archive: opensuse-wiki (395 mails)
Re: [opensuse-wiki] Bento Login Form Problems
- From: Juergen Weigert <jw@xxxxxxx>
- Date: Thu, 29 Jul 2010 12:09:57 +0200
- Message-id: <20100729100957.GE14075@xxxxxxx>
On Jul 28, 10 16:00:27 -0600, Matthew Ehle wrote:
> Hello,
> There are two major problems with the bento theme login which will need to be
> fixed. Until they are, I am recommending that everyone avoid using the
> javascript login form and instead use the standard login page that is used by
> the legacy wiki.
> Issue 1: The login form sends information in plain text over plain HTTP.
> I have actually fixed this on stage, but perhaps others would like to
> review it to make sure that passwords aren't being sent in clear text
> anymore. Assuming that is the case, it can go live when I run the next
> update. So please try this out in stage (if you are able) and get back
> to me. If one of you has Wireshark installed, that would be perfect.
Wireshark confused me today. I don't see any cleartext password with
enstage, but I fail to verify that I have seen all TCP packets.
Firebug tells me that the javascript dropdown login sends it to
https://enstage.opensuse.org/ICSLogin/auth-up
Also,
http://enstage.opensuse.org/ICHAINLogout/?%22http://en.opensuse.org/cmd/ICSLogout%22-X
promotes to https, before accepting my password.
Looks good, so far.
thanks,
JW-
--
o \ Juergen Weigert paint it green! __/ _=======.=======_
<V> | jw@xxxxxxx back to ascii! __/ _---|____________\/
\ | 0911 74053-508 __/ (____/ /\
(/) | _____________________________/ _/ \_ vim:set sw=2 wm=8
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
"Why would it be stupid to assume that a file can continue to be accessed by the
same name in the future?" Brion Vibber bwmo#15842#c12
--
To unsubscribe, e-mail: opensuse-wiki+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-wiki+help@xxxxxxxxxxxx